Secure Coding mailing list archives
Re: Change of position
From: ljknews <ljknews () mac com>
Date: Thu, 01 Apr 2004 21:28:48 +0100
At 10:09 AM -0500 4/1/04, Gary McGraw wrote:
Hi all,

I have done lots of soul searching lately and have come to the conclusion that trying to make software secure is not worth the effort. I think instead we should concentrate more effort on protection technologies such as advanced stateful firewalls, intrusion detection mechanisms, host-based behavior control, and above all policy. We simply can't make software work effectively in a cost-effective manner. I hope all of you will agree.
I realize it is April Fools' Day, but all the "host-based behavior control" I have encountered is implemented by operating system software. If that software cannot be made secure, there is no hope.

The major timewasting I see in software security is the leap of faith from:

  theoretically, safe code can be written in any language

to:

  using "any language" to write safe code can be done within real-world economic constraints.